gajus / table

Formats data into a string table.

chore: remove use of `lodash` package to dodge CVEs #136

Closed ljharb closed 3 years ago

ljharb commented 3 years ago

lodash gets lots of CVEs, and has 2 on it right now that don't actually apply to you.

Depending on the base package, even with the babel plugin, still causes your consumers to all see vulnerability warnings.

This changes to use alternatives. In most cases I stuck with the lodash.foo packages; if you prefer those over the 3 cases where I switched to my own packages, I'm happy to switch them.

I also removed a bunch of lint warnings that seem to be failing on master.
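
Added example, not part of the PR or of the project's code: a sketch of why every consumer sees the warning. Audit tooling matches advisories on package name and resolved version in the lockfile, so a transitive `lodash` below the fixed version is reported regardless of which functions are used, while per-method packages such as `lodash.truncate` are separate names and do not match. The lockfile, the `example-*` package names, the versions and the advisory id are constructed; only the fixed version 4.17.21 comes from the thread.

```javascript
// Constructed npm lockfile "packages" map (v2/v3 layout); names and versions are made up.
const lock = { packages: {
  '': { name: 'my-app', dependencies: { 'example-table-lib': '^1.0.0', 'example-other-lib': '^1.0.0' } },
  'node_modules/example-table-lib': { version: '1.0.0', dependencies: { lodash: '^4.17.20' } },
  'node_modules/lodash': { version: '4.17.20' },
  'node_modules/example-other-lib': { version: '1.2.0', dependencies: { 'lodash.truncate': '^4.4.2' } },
  'node_modules/lodash.truncate': { version: '4.4.2' },
} };
// Placeholder advisory; only the fixed version (4.17.21) comes from the thread.
const advisory = { id: 'ADVISORY-PLACEHOLDER', name: 'lodash', fixedIn: '4.17.21' };

// Compare plain x.y.z versions (no pre-release tags): negative, zero or positive.
function cmp(a, b) {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Resolve a dependency as Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Every dependency chain from the root that ends at a version the advisory covers.
function findChains(lockfile, adv) {
  const { packages } = lockfile, chains = [];
  const walk = (path, chain, seen) => {
    for (const dep of Object.keys(packages[path].dependencies || {})) {
      const depPath = resolve(packages, path, dep);
      if (!depPath || seen.has(depPath)) continue; // unresolved or cyclic
      const next = [...chain, `${dep}@${packages[depPath].version}`];
      // Match is on package name and version only, never on the functions called.
      if (dep === adv.name && cmp(packages[depPath].version, adv.fixedIn) < 0) {
        chains.push(next.join(' > '));
      }
      walk(depPath, next, new Set(seen).add(depPath));
    }
  };
  walk('', [packages[''].name], new Set(['']));
  return chains;
}

console.log(findChains(lock, advisory));
```
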

coveralls commented 3 years ago

Pull Request Test Coverage Report for Build 238


| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/truncateTableData.js | 0 | 1 | 0.0% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 236: | 0.0% |
| Covered Lines: | 172 |
| Relevant Lines: | 236 |

💛 - Coveralls

ljharb commented 3 years ago

Although lodash v4.17.21 was released, resolving these CVEs, this PR would still avoid future such issues.

gajus commented 3 years ago

:tada: This PR is included in version 6.0.8 :tada:

The release is available on:

Your semantic-release bot :package::rocket: